Author: tadmin

Use fail2ban to protect your server with plesk panel from zero day exploit

~ tadmin ~ 4 Comments

To protect your server with Plesk control panel from zero day exploit the following fail2ban configuration can be added:

1. Added custom config with the following regex:
# more /etc/fail2ban/filter.d/apache-plesk-vulnerability.conf
# Fail2Ban configuration file
#
# Author: Taras Shkodenko
#
# $Revision: 1 $
#

[Definition]

# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named “host”. The tag “” can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P[\w\-.^_]+)
# Values: TEXT
#
failregex = ^ -.*”POST /%%70%%68%%70%%70%%61%%74%%68/%%70%%68%%70?%%2D%%64+%%61%%6C%%6C%%6F%%77%%5F%%75%%72%%6C%%5F%%69%%6E%%63%%6C%%75%%64%%65%%3D%%6F%%6E+%%2D%%64+%%73%%61%%66%%65%%5F%%6D%%6F%%64%%65%%3D%%6F%%66%%66.*

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
#

2. Added these lines to fail2ban configuration file: /etc/fail2ban/jail.conf
#
#
# Ban attackers that try to use Plesk zero day vulnerability
#

[apache-plesk-vulnerability]
enabled = true
filter = apache-plesk-vulnerability
action = iptables-multiport[name=apachePleskVulner, port=”http,https”, protocol=tcp]
sendmail-whois[name=apachePleskVulner, dest=serveradmin@shkodenko.com]
logpath = /var/log/httpd/access_log
maxretry = 1
#

3. To check new ban regex use command:
# /usr/bin/fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-plesk-vulnerability.conf

4. Restarted fail2ban using command:
# /sbin/service fail2ban restart

Find files and fix permissions bash script example

~ tadmin ~ 2 Comments

To find files and fix permissions example bash script below can be used:

$ ./find_fix_permissions.sh

#!/bin/bash

CORRECT_PERMISSIONS=644
SEARCH_FOLDER="./images/"

if [ "$(find $SEARCH_FOLDER -type f ! -perm $CORRECT_PERMISSIONS -print)" ]; then
    find $SEARCH_FOLDER -type f ! -perm $CORRECT_PERMISSIONS -print0 |xargs -0 chmod -fv $CORRECT_PERMISSIONS
fi

$

It searches all files in folder SEARCH_FOLDER including sub-folders and if these files found correct permissions set in variable CORRECT_PERMISSIONS

Apache .htaccess: Invalid command ‘AuthUserFile’, perhaps misspelled or defined by a module not included in the server configuration

~ tadmin ~ 2 Comments

To fix .htaccess error message: Invalid command ‘AuthUserFile’, perhaps misspelled or defined by a module not included in the server configuration
add directive

LoadModule authn_file_module modules/mod_authn_file.so

to main web server Apache configuration file /etc/httpd/conf/httpd.conf
check web server Apache configuration:

# /sbin/service httpd configtest

and reload web server using command:

# /sbin/service httpd graceful

Bind named check named.conf db zone file check

~ tadmin

Before making any configuration changes to any services remember to create backup.

1. To check named server Bind main configuration file /etc/named.conf syntax use command:

# named-checkconf /etc/named.conf

2. To check zone file configuration use command:

# named-checkzone shkodenko.com /var/named/run-root/var/shkodenko.com
zone shkodenko.com/IN: loaded serial 201306071
OK
#

3. To apply configuation files changes use command:

# /sbin/service named reload
Reloading named: [ OK ]
#

Apache server status setup

~ tadmin

To set up server status page for web server Apache use the following commands:

1. Check Apache web service configuration files
# /sbin/service httpd configtest
Syntax OK

2. Make backup copy of main web server Apache configuration file
# cp -fvp /etc/httpd/conf/httpd.conf /etc/httpd/conf/httpd.conf-2013-05-21.bak
`/etc/httpd/conf/httpd.conf’ -> `/etc/httpd/conf/httpd.conf-2013-05-21.bak’

3. Edit main web server Apache configuration file /etc/httpd/conf/httpd.conf with your favorite editor. Mine is vim.

3.1. Make sure status module is loaded:
LoadModule status_module modules/mod_status.so

3.2. Add these lines:
<Location /server-status>
SetHandler server-status
Order deny,allow
Deny from all
Allow from 11.123.44.56
</Location>

Where 11.123.44.56 is your IP address.
You can check your IP address here.

Now, you can check web server Apache status using URI /server-status e.g.: https://www.shkodenko.com/server-status

git change remote origin

~ tadmin

Sometimes you need to migrate remote git repository from one server to another.

I am using these commands to make migration:
[t.shkodenko@server1 git-projects]$ cd project
[t.shkodenko@server1 project]$ git remote -v
origin git@192.168.1.122:project.git (fetch)
origin git@192.168.1.122:project.git (push)
[t.shkodenko@server1 project]$ git remote rm origin
[t.shkodenko@server1 project]$ git remote add origin git@192.168.1.123:project.git
[t.shkodenko@server1 project]$ git config master.remote origin
[t.shkodenko@server1 project]$ git config master.merge refs/heads/master
[t.shkodenko@server1 project]$ git push origin master
Counting objects: 458, done.
Delta compression using up to 4 threads.
Compressing objects: 100% (255/255), done.
Writing objects: 100% (458/458), 8.83 MiB | 14.93 MiB/s, done.
Total 458 (delta 175), reused 428 (delta 158)
To git@192.168.1.123:project.git
* [new branch] master -> master
[t.shkodenko@server1 project]$ git remote -v
origin git@192.168.1.123:project.git (fetch)
origin git@192.168.1.123:project.git (push)
[t.shkodenko@server1 project]$

rkhunter installation procedure

~ tadmin

To install rkhunter on Linux servers I am usually using the following procedure:

# mkdir -pv /root/install
# cd /root/install/
# wget -O rkhunter-1.tar.gz http://sourceforge.net/projects/rkhunter/files/latest/download?source=files
# tar xzf rkhunter*.tar.gz
# cd rkhunter*
# sh installer.sh --layout default --install

To find out where it is installed I am use command:
# whereis rkhunter
rkhunter: /usr/bin/rkhunter /etc/rkhunter.conf /usr/share/man/man8/rkhunter.8

To update rkhunter databases run:

# /usr/bin/rkhunter --update

[ Rootkit Hunter version 1.4.0 ]

Checking rkhunter data files…
Checking file mirrors.dat [ No update ]
Checking file programs_bad.dat [ No update ]
Checking file backdoorports.dat [ No update ]
Checking file suspscan.dat [ No update ]
Checking file i18n/cn [ No update ]
Checking file i18n/de [ No update ]
Checking file i18n/en [ No update ]
Checking file i18n/zh [ No update ]
Checking file i18n/zh.utf8 [ No update ]
#

Also, I have created bash script:
# more /root/bin/update_and_check_rkhunter.sh

#!/bin/bash

date
/usr/bin/rkhunter --configfile /etc/rkhunter.conf --versioncheck
/usr/bin/rkhunter --configfile /etc/rkhunter.conf --update
/usr/bin/rkhunter -c --configfile /etc/rkhunter.conf --cronjob --propupd --createlogfile
date

#

… to check rkhunter version, update databases and run system check and added it to cron:
# crontab -l
1 2 * * 1 /root/bin/update_and_check_rkhunter.sh >/root/reports/update_and_check_rkhunter.log 2>&1

Problems with cPanel update MySQL conflicts with mysql-5.0.x

~ tadmin

To fix problem with cPanel / WHM upgrade if:

error: Failed dependencies:
MySQL conflicts with mysql-5.0.x

Read: http://docs.cpanel.net/bin/view/AllDocumentation/InstallationGuide/RPMTroubleshoot and forum posts http://forums.cpanel.net/f5/case-64049-overnight-update-failed-mysql-conflicts-mysql-5-0-77-4-el5_4-2-i386-320381.html

Made all MySQL databases backup and run command as root user:
# rpm -e –nodeps –allmatches –justdb mysql-5.0.x

It will resolve Conflict With Rogue mysql RPM.

Run cPanel / WHM update once again.